Julien Cristau pushed to branch debian-buster at X Strike Force / xserver / xorg-server
Commits:

dda3978c by Matthieu Herrb at 2021-04-19T11:30:24+02:00

    Fix XChangeFeedbackControl() request underflow

    CVE-2021-3472 / ZDI-CAN-1259

    This vulnerability was discovered by:
    Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

    Signed-off-by: Matthieu Herrb <[email protected]>
    (cherry picked from commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd)

- - - - -
a34193d5 by Julien Cristau at 2021-04-19T11:34:48+02:00

    Upload to stable-security

- - - - -

2 changed files:

- Xi/chgfctl.c
- debian/changelog

Changes:

=====================================
Xi/chgfctl.c
=====================================
@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
         break;
     case StringFeedbackClass:
     {
-        xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
+        xStringFeedbackCtl *f;
 
+        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+                                    sizeof(xStringFeedbackCtl));
+        f = ((xStringFeedbackCtl *) &stuff[1]);
         if (client->swapped) {
             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
                 return BadLength;

=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+xorg-server (2:1.20.4-1+deb10u3) buster-security; urgency=high
+
+  * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472)
+
+ -- Julien Cristau <[email protected]>  Mon, 19 Apr 2021 11:34:38 +0200
+
 xorg-server (2:1.20.4-1+deb10u2) buster-security; urgency=medium
 
   * CVE-2020-14360 CVE-2020-25712

View it on GitLab: https://salsa.debian.org/xorg-team/xserver/xorg-server/-/compare/806df515aa12dec395df86763e6d505121fedd19...a34193d5e608e38cd3a68c4ee17a876f6a7e9e2e
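Review bot: in the Xi/chgfctl.c hunk, the new REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq, sizeof(xStringFeedbackCtl)) check is placed before `f` is first dereferenced, which is what closes the underflow: in the old code the only length check, `if (len < bytes_to_int32(sizeof(xStringFeedbackCtl))) return BadLength;`, sits inside `if (client->swapped)`, so a non-swapped client reached `&stuff[1]` with no check at all. With the macro in place, that swapped-only `len` check is now redundant and could be dropped in a follow-up rather than kept as a second, path-dependent guard. The macro only covers the fixed xStringFeedbackCtl header; if a variable-length payload follows it, that length still has to be validated against what remains of the request after this point, which is outside the hunk and should be confirmed in the rest of the case.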
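Review bot: in the debian/changelog hunk, the new 2:1.20.4-1+deb10u3 entry cites only CVE-2021-3472, while the commit message also records ZDI-CAN-1259 and the upstream commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd; carrying at least the upstream hash into the bullet (for example "Fix XChangeFeedbackControl() request underflow (CVE-2021-3472), cherry-picked from upstream 7aaf54a1") keeps the security upload traceable from the changelog alone. The version bump, the buster-security distribution and the urgency=high line are consistent with the preceding deb10u2 entry.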

